journal-triggerd

Latest version: 0.2.1

The latest version of journal-triggerd can be downloaded
here.
For Arch Linux users, the AUR has a
PKGBUILD.

You can find the source code on
this GitHub,
where you can also report bugs, send suggestions or other (constructive)
feedback.

What is journal-triggerd ?

journal-triggerd is a small daemon that runs in the background, listening to
systemd's journal, and will run "triggers" (i.e. exec a given command line) when
certain messages are added.

Which messages to listen for, and what action to run when such messages are
added, is simply define via rules.

Rules

Rules are defined in (UTF8 encoded) text files, whose names must end with
.rule and placed in /etc/journal-triggerd.rules

Any file whose name not end in .rule will be ignored. Files are not processed
in any defined order, neither will rules be processed in any given order; Not
that it should matter, since all rules are always processed against every new
message added to the journal.

A rule is composed of two things : a filter, used to match messages added to the
journal, and a trigger, to be run when match occurs.

Rule File Format

Rule files have a syntax similar to that of conf/INI files, or systemd's unit
files. A section [Rule] must exist, where filter/trigger be defined.

The trigger is simply a command line, define under option trigger

A filter can be either a list of conditions to match, or use boolean logic to
create more complex filtering. For the former, no option under [Rule] is needed,
simply create a section [Filter] and define the conditions there.

To create more complex filters, an option filer can be set under [Rule] and
must be an expression that can make use of parenthesis, AND, OR and
NOT as well as named filters/groups.

Those names are case-sensitive names of sections that must exist in the file,
where a list of conditions will be defined.

For example, one could use:

filter=foobar AND (foo OR bar) AND NOT barfoo

And there must be sections [foobar], [foo], [bar], and [barfoo] defined in the
rule file, all of which defining one or more conditions to be matched.

It is of course possible to only use one group name, i.e. when no option
filter is set, it defaults to filter=Filter

Define multiple rules in one file

As a facility it is possible to define multiple rules from a single file, thus
allowing to use the same groups in different filters. To do so, simply create an
option filterXXX with a matching triggerXXX

For example:

[Rule]
filter_foo=foo AND NOT foobar
trigger_foo=foobar --foo
filter_bar=bar AND NOT foobar
trigger_bar=foobar --bar
filter=foobar AND (foo OR bar)
trigger=foobar --foobar

Conditions

The heart of a filter is a group of conditions, defined simply as a section in
the rule file. All conditions are simply the name of a field from the journal,
an optional comparison operator before the required equal sign (=), and the
value to compare with.

The supported operators are :

Exact match: =
The field must be of the specified value.

Pattern match: ?
You can use * and ? wildcards with similar semantics as the standard
glob functions: * matches an arbitrary, possibly empty, string, ?
matches an arbitrary character.

Lesser match: <
The value must be an integer, the value of the field will also be parsed as
an integer value, and must be less than or equal to the specified value to
match.

Greater match: >
The value must be an integer, the value of the field will also be parsed as
an integer value, and must be greater than or equal to the specified value
to match.

You can specify as many conditions as you want in each group; All will need to
be a match for the entire group to be a match. You can specify conditions on the
same field multiple times.

It is also possible to prefix the comparison operator with a ! in order to
inverse the match, i.e. the field shall not match the condition for it to be a
match.